Do you have a passion for security and excited about impacting some of the largest and most complex infrastructure security challenges Microsoft is involved with today? If the answer is yes, you may be a candidate to join the ACE Team.
The ACE (Assessment...

Hi all, I’m Tom Easthope, Sr. Program Manager on the Enterprise Business Continuity team at Microsoft. This blog entry is a companion to the video interview about a key component of our business continuity methodology – the Business Impact Assessment...

Hi, RockyH here,
I was browsing for IT security news from the hotel this evening and came across this gem:
That’s it. Of course there is no information about who to email, and why should their be. If they can’t figure out how to tell the difference...

The Information Security Tools (IST) team has released the InfoSec Assessment & Protection (A&P) Suite . It’s a suite made up of protection and assessment tools which include:
Web Protection Library (WPL) - an umbrella for several libraries...

Hi Steven Michalove here, I’m a principal program manager on Microsoft IT’s Information Security (InfoSec) group. For the last of couple weeks, we’ve been talking about Microsoft IT’s (MSIT) dogfooding process, known as the First & Best program. Concluding...

Hi Price Oden here, I’m a principal senior security architect on the Microsoft IT Information Security (InfoSec) group. Dogfooding is part of Microsoft IT’s culture. It’s where Microsoft IT (MSIT) plays an important role and service for Microsoft’s enterprise...

Hey there, my name is Sarah Pickard and I am a Senior Program Manager on the Microsoft Information Security Risk Management team. You have seen some blogs by Vineet Batta on the external release of Risk Tracker which is an application Information Security...

Hello Diane here. Do you ever wonder how Microsoft’s IT Information Security (InfoSec) is involved in the dogfooding process? This week we’re kicking off our blog series on dogfooding. It's a formal program in Microsoft IT known as the First & Best...

Organizations who would like to deploy the Risk Tracker v1.0 application in their own environment, Vineet Batta, senior software developer on Microsoft’s IST team, shares how in his blog, “ How to Integrate Risk Tracker with Internal HR Feeds...

The Microsoft Information Security Tools (IST) team has released the latest Microsoft Anti-Cross Site Scripting (Anti-XSS) Library version 3.1 . Read more about Anti-XSS v3.1 on the Information Security blog and watch the video, “ Anti-XSS 3.0 Released...

The Microsoft Information Security Tools (IST) team has released the Connected Information Security Framework (CISF) , a software development framework comprises of API’s and reusable components that is designed to ‘create bespoke or custom information...

Hello, Anmol here. As you’ve been following along with me in my blog series on Security Development Lifecycle for Line-of-Business applications (SDL-LOB) , I’ve talked about Phase One , Two , Three and Four . Today, I’ll discuss the last...

Hello, Anmol here. This is a continuation of my blog series on the SDL-LOB process . In my last blog entry I talked about Phase 1: Requirements for LOB . Let’s discuss Phase Two: Design for LOB. As you read my blog series...

Hello, Anmol here. For this blog series I’ll discuss the SDL-LOB process and cover all 5 phases as we go. In my last blog entry I provided an overview of this process, Blog Series: Get Familiar with the SDL-LOB Process . Today I’ll...

Hello, Anmol Malhotra here. I’m a Senior Security Engineer with ACE Team, a part of Microsoft IT Information Security group. I’d like to introduce you to the Security Development Lifecycle for Line-of-Business Applications (SDL-LOB) process.
As part...

VSTS 2008 has a great recording tool that allows you to create web test simply by recording your web traffic in the browser. But what if your application doesn’t use web browser, but still communicates with servers using HTTP or HTTPS protocols (such...